
Plagued by pop ups !!


  • This topic is locked
2 replies to this topic

#1 bollos

bollos

  • Members
  • 3 posts

Posted 06 April 2009 - 12:07 PM

Ever since I downloaded a game on a torrent (yeah...I know...dumb) I have been having a pop up problem. While it is not a big deal compared to virus problems others are having, it is very annoying. Here is an idea of what is popping up, and I made note of the time so you can see how often they come up:

<http://www.perfspot.com/join2.asp?p=99084&t=> 6:45
<http://www.skill2thrill.com/ca/ikea/ikea.aspx?affiliateid=afunz> 6:48
<http://www.wixawin.com/ca/ads/ipodtouchpin.aspx?affiliateid=afunz> 6:51
<http://sportsbook.com/landing/basketball/> 6:53
<http://www.wixawin.com/ca/ads/ipodtouchpin.aspx?affiliateid=afunz> 7:14

<http://www.sportsinteraction.com/sportsbook/index.cfm?section=mlb09&prid=14824&hit=1> 7:15

<http://www.celldorado.com/CA/ADS/45812451/?trackid=2062190196> 7:25
<http://www.adserver5.com/cy/indexint.html?1906696994463859539> 7:31
<http://www.bluenile.com/?cmp=4206e> 7:37
<http://www.adserver5.com/cy/indexint.html?56586616893979> 7:44
<http://www.celldorado.com/CA/ADS/1123418125/?trackid=2062190196> 8:00
<http://www.celldorado.com/CA/ADS/1789632138/?trackid=2062190196> 8:08


Here is my DDS - Notepad file:



DDS (Ver_09-03-16.01) - NTFSx86
Run by Peter & Norma at 7:47:18.76 on Mon 04/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3039.2214 [GMT -7:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\P2Pcontrol\p2control.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Peter & Norma\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ca.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.mytelus.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [TELUS_McciTrayApp] c:\program files\telus\telus support centre\bin\McciTrayApp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy4\dvdaudio\CTDVDDET.EXE"
mRun: [CTSysVol] c:\program files\creative\sbaudigy4\surround mixer\CTSysVol.exe /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [TEPA.exe] "c:\program files\telus\eprotect advisor\TEPA.exe" /AUTORUN
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [P2Pcontrol] c:\program files\p2pcontrol\p2control.exe
mRun: [Help Creative Meow City] c:\documents and settings\all users\application data\aim rect help creative\user idol.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-10 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-10 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-10 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-10 108552]
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-10 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-10 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-2-10 1356616]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-2-10 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-2-10 29208]
S3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

=============== Created Last 30 ================

2009-04-05 12:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Black Blob Studios
2009-04-05 11:00 <DIR> a-dshr-- C:\cmdcons
2009-04-05 10:59 161,792 a------- c:\windows\SWREG.exe
2009-04-05 10:59 98,816 a------- c:\windows\sed.exe
2009-04-05 10:57 <DIR> --d----- C:\ComboFix
2009-04-04 11:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\QuickClick
2009-04-04 11:12 0 a------- c:\windows\system32\drivers\ovfsth.sys
2009-04-04 10:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-04 10:32 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-04 10:32 <DIR> --d----- c:\docume~1\peter&~1\applic~1\SUPERAntiSpyware.com
2009-04-04 10:32 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-04 10:04 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-03 19:30 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-03 19:30 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-03 19:30 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-04-03 19:30 87,040 a------- c:\windows\system32\wiafbdrv.dll
2009-04-03 19:30 692,224 a------- c:\windows\system32\lxcydrs.dll
2009-04-03 19:30 65,536 a------- c:\windows\system32\lxcycaps.dll
2009-04-03 19:30 61,440 a------- c:\windows\system32\lxcycnv4.dll
2009-04-03 17:36 24 ---sh--- c:\windows\S561A5179.tmp
2009-04-03 17:36 <DIR> --d----- c:\program files\SlySoft
2009-04-03 17:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Elaborate Bytes
2009-04-03 17:31 <DIR> --d----- c:\program files\Elaborate Bytes
2009-04-03 10:45 103 a------- c:\windows\_vmtxp.ini
2009-04-03 10:40 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-03 08:28 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-03 08:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-03 08:09 105,170 a------- c:\windows\system32\drivers\c3440c0c.sys
2009-04-02 18:50 0 a------- c:\windows\system32\drivers\ovfsthpiasagimdlgvnnwmlimrsifqgjyoplop.sys
2009-04-02 17:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\aim rect help creative
2009-04-02 17:42 <DIR> --d----- c:\program files\inside grid
2009-04-02 17:42 <DIR> --d----- c:\docume~1\peter&~1\applic~1\inside grid
2009-04-02 17:42 <DIR> --d----- c:\program files\P2Pcontrol
2009-04-02 17:41 360,320 a------- c:\windows\system32\drivers\tcpip.original
2009-04-02 17:40 32 a------- c:\docume~1\peter&~1\applic~1\__t.bin
2009-04-02 17:40 <DIR> --d----- c:\docume~1\peter&~1\applic~1\_db56798fd2c156d83d463b2d71c886c9
2009-04-02 17:38 43 a------- c:\windows\system32\ovfsthxgqptlhqojorjyyoblydnxldjbtyxthm.dat
2009-04-02 17:37 53,168 a------- c:\windows\system32\ovfsthdjckvxjotysrdhbryjlcrktlwtgikfll.dat
2009-04-02 17:37 18,944 a------- c:\windows\system32\ovfsthomqxwxyllayfrbtkflxbohpullhyavmx.dll
2009-04-02 17:37 18,432 a------- c:\windows\system32\ovfsthshglnmupyckfmurwtafibcrvvpqmwyan.dll
2009-04-01 10:00 <DIR> --d----- c:\windows\Penguins` Journey
2009-03-31 16:26 5,556 a------- C:\oxbgfwy.exe
2009-03-31 16:26 0 a------- C:\dvgcs.exe
2009-03-31 15:38 <DIR> --d----- c:\docume~1\peter&~1\applic~1\Shape games
2009-03-31 15:38 <DIR> --d----- c:\windows\Success Story
2009-03-29 15:51 <DIR> --d----- c:\docume~1\peter&~1\applic~1\World-LooM
2009-03-29 11:58 <DIR> --d----- c:\docume~1\peter&~1\applic~1\RobinsonCrusoe
2009-03-29 07:36 68,378 a------- c:\windows\system32\rn.tmp
2009-03-28 08:19 <DIR> --d----- c:\windows\Sky Kingdoms
2009-03-26 21:52 <DIR> --d----- c:\program files\MSXML 6.0
2009-03-26 15:47 <DIR> --d----- c:\docume~1\peter&~1\applic~1\Flood Light Games
2009-03-26 15:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Flood Light Games
2009-03-26 15:47 <DIR> --d----- c:\windows\Womens Murder Club 2 BONUS
2009-03-25 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intenium
2009-03-25 10:53 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-25 10:52 14,048 -------- c:\windows\system32\spmsg2.dll
2009-03-25 10:51 <DIR> --d----- c:\windows\system32\xlive
2009-03-22 16:34 56,832 a------- c:\windows\system32\Iyvu9_32.dll
2009-03-22 16:34 <DIR> --d----- c:\windows\system32\SavedSystemFiles
2009-03-22 15:53 <DIR> --d----- c:\docume~1\peter&~1\applic~1\Pharaohs Secret
2009-03-22 14:47 <DIR> --d----- c:\program files\SpintopGames
2009-03-22 14:47 <DIR> --d----- c:\windows\Yumsters! 2
2009-03-22 10:31 39 a------- c:\windows\Xnews.ini
2009-03-21 12:04 <DIR> --d----- c:\docume~1\peter&~1\applic~1\Folder Guard
2009-03-20 17:37 22 a------- c:\windows\popcinfot.dat
2009-03-20 17:37 0 a------- c:\windows\popcreg.dat
2009-03-20 17:37 <DIR> --d----- c:\program files\PopCap Games
2009-03-20 11:11 <DIR> --d----- c:\docume~1\peter&~1\applic~1\Total Eclipse
2009-03-17 23:58 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-17 23:58 22,328 a------- c:\docume~1\peter&~1\applic~1\PnkBstrK.sys
2009-03-17 23:58 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-03-17 23:58 2,250,024 a------- c:\windows\system32\pbsvc.exe
2009-03-17 23:58 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-03-14 23:15 104,960 a------- c:\windows\system32\COMNCTR.DLL
2009-03-14 23:15 97,792 a------- c:\windows\system32\LGUICOM.DLL
2009-03-14 23:15 16,896 a------- c:\windows\system32\LMOUSE32.DLL
2009-03-14 23:15 3,568 a------- c:\windows\system32\LMOUSE16.DLL
2009-03-14 23:15 <DIR> --d----- c:\program files\common files\Logitech
2009-03-14 23:15 70,801 a------- c:\windows\system32\drivers\LMouFlt2.Sys
2009-03-14 23:15 51,729 a------- c:\windows\system32\drivers\L8042pr2.Sys
2009-03-14 23:15 23,375 a------- c:\windows\system32\LCoInst.Dll
2009-03-14 23:15 152,064 -------- c:\windows\system32\lmoufrc.dll
2009-03-14 23:15 37,887 -------- c:\windows\system32\drivers\LHIDUSB.SYS
2009-03-14 23:15 25,505 -------- c:\windows\system32\drivers\LHIDFLT2.SYS
2009-03-14 23:15 19,968 -------- c:\windows\LOGI_MWX.EXE
2009-03-14 23:15 14,095 -------- c:\windows\system32\drivers\LCCFLTR.SYS
2009-03-14 19:40 950 a------- c:\windows\EReg176.dat
2009-03-14 19:38 306,688 a------- c:\windows\IsUninst.exe
2009-03-14 19:38 <DIR> --d----- c:\documents and settings\peter & norma\WINDOWS
2009-03-14 16:02 546 a------- c:\windows\eReg.dat
2009-03-13 15:29 319 a------- c:\windows\game.ini
2009-03-13 14:24 <DIR> --d----- c:\program files\common files\DirectX
2009-03-10 15:44 <DIR> --d----- c:\docume~1\peter&~1\applic~1\Pogo Games
2009-03-10 15:43 <DIR> --d----- c:\windows\Tri Peaks 2 Quest For The Ruby Ring
2009-03-10 12:31 <DIR> --d----- c:\docume~1\peter&~1\applic~1\SBTT
2009-03-10 09:08 433 a------- c:\windows\Buildalot3.ini

==================== Find3M ====================

2009-04-02 21:55 737,280 a------- c:\windows\iun6002.exe
2009-03-26 16:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 16:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-25 09:48 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-25 09:48 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-25 09:47 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-24 09:39 4,096 a------- c:\windows\d3dx.dat
2009-02-22 19:34 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-02-22 19:34 47,360 a------- c:\docume~1\peter&~1\applic~1\pcouffin.sys
2009-02-16 20:33 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-16 14:22 63,488 a------- c:\windows\xobglu16.dll
2009-02-16 14:22 38,224 a------- c:\windows\xobglu32.dll
2009-02-15 08:26 2,064 a------- c:\windows\system32\ealregsnapshot1.reg
2009-02-13 15:35 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-10 20:29 233,472 a------- c:\windows\system32\wrap_oal.dll
2009-02-10 20:29 81,920 a------- c:\windows\system32\OpenAL32.dll
2009-02-10 18:32 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-02-10 18:32 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-02-10 18:32 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-02-10 16:43 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-09 03:19 1,846,272 a------- c:\windows\system32\win32k.sys
2004-03-11 14:27 40,960 a------- c:\program files\Uninstall_CDS.exe

============= FINISH: 7:47:37.18 ===============

Edited by Orange Blossom, 06 April 2009 - 09:59 PM.
Deactivate links. ~ OB




#2 bollos

bollos
  • Topic Starter

  • Members
  • 3 posts

Posted 07 April 2009 - 11:40 AM

You can close this one I think. I used a bunch of different malware programs recommended in other threads in safe mode and no pop ups for the last 24 hours. Considering I was getting 5 or 6 an hour before that, I think I am ok now.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location: 65 miles due East of the "Logic Free Zone", in Md, USA

Posted 09 April 2009 - 11:39 PM

Thanks for informing us.

Good luck.

This Topic is closed.

Should you need it reopened, please contact me or a Forum Moderator via PM. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



